Millions of web users have ignored the advice of security professionals, using easily hackable and insecure passwords such as "123456" and "password" to protect their online accounts.
Despite annual warnings on the dangers of weak passwords, 23.2 million user accounts hacked worldwide used the password 鈥123456," according to data provided to the U.K. government鈥檚 National Cyber Security Center (NCSC).
The six-digit login has topped the list of the worst passwords since 2011.
Surprisingly, 7.7 million users opted for the longer but equally insecure 鈥123456789,鈥 while 3.8 million chose the alphabetical sequence 鈥渜werty鈥 for their password.
The analysis profiling the most commonly re-occurring passwords used by hackers in global cyber breaches was compiled by the security website , run by security expert Troy Hunt. The passwords included in the data have been tracked since the website began tracking data breaches in 2013.
The U.K.鈥檚 NCSC which showed that 42 per cent of Brits are expected to lose money to online fraud thanks to a lack of security knowledge.
鈥淲e understand that cyber security can feel daunting to a lot of people, but the NCSC has published lots of easily applicable advice to make you much less vulnerable,鈥
鈥淧assword re-use is a major risk that can be avoided - nobody should protect sensitive data with something that can be guessed, like their first name, local football team or favourite band.鈥
Other vulnerable passwords include 鈥減assword鈥 and 鈥1111111.鈥
According to the NSCS, the list of passwords is already available in the public domain for hackers and non-hackers alike to access, making it an important learning opportunity.
鈥淢aking good password choices is the single biggest control consumers have over their own personal security posture,鈥 Hunt said in a statement issued Sunday.
鈥淩ecognizing the passwords that are most likely to result in a successful account takeover is an important first step in helping people create a more secure online presence.鈥
How to create a strong password
As indicated by the latest data, the no. 1 mistake users make when creating a password is sticking to popularly used, simple passwords. Another common error: Using the same password across multiple sites.
鈥淲e recommend combining three random but memorable words. Be creative and use words memorable to you, so people can鈥檛 guess your password,鈥 explained Levy.
According to experts, passwords that use eight to ten upper- and lower-case letters mixed with numbers are proven to be more secure. When choosing numbers to add to your password, be sure not to use anything that is easily identifiable, such as your address or date of birth.
As Hunt writes in his , 鈥渢he only secure password is the one you can鈥檛 remember.鈥
The expert regularly recommends users invest in a password manager, such as LastPass or 1Password, which help defend against cyber criminals by generating complicated, encrypted passwords for your online accounts. The only thing you need to worry about is creating one secure master password for the manager itself.